Field of the Invention
The present invention relates to an information processing apparatus, an information processing method, and a storage medium for prompt restoration of the apparatus in a case where an encryption key is changed due to replacement of a chip, etc. and a user authentication function cannot be used normally.
Description of the Related Art
An information processing apparatus such as a personal computer (PC), a multi-function peripheral (MFP) (digital multi-function peripheral) having a print function, etc. encrypts confidential data in the information processing apparatus and stores the encrypted confidential data therein.
In recent years, there has been an information processing apparatus that encrypts/decrypts confidential data within the information processing apparatus by use of an encryption key stored in an external hardware security module (HSM) that is physically connected to the information processing apparatus.
One example of the HSM to be used is a Trusted Platform Module (TPM) that complies with the Trusted Computing Group (TCG, "http://www.trustedcomputinggroup.org") standard. The TPM is an anti-tamper security chip capable of securely managing an encryption key. In general, an apparatus including a TPM encrypts confidential data and securely manages a key used for the encryption within the TPM to realize secure management of the confidential data.
To use a TPM in an information processing apparatus, the TPM may be connected as an external chip to a hardware board included in the information processing apparatus. In this case, a backup of the encryption key (hereinafter, "TPM encryption key") managed in the external TPM is needed to prepare for an accident in which the TPM is damaged, lost, etc. Normally, the TPM encryption key is backed up by connecting an external memory medium such as a universal serial bus (USB) memory to the information processing apparatus to acquire the TPM encryption key. In a case where the external TPM is damaged, the user replaces the TPM of the information processing apparatus with a new TPM and connects the external memory medium storing the TPM encryption key to restore the TPM encryption key.
From the point of view of security, only a user granted high authority such as system administrator authority of the information processing apparatus is normally allowed to execute operations to back up and restore the TPM encryption key. User identification/authentication is conducted by verification of an identifier (ID) and password information by a user authentication function provided by the information processing apparatus. The user password information stored in the information processing apparatus is confidential data. Thus, the user password information is encrypted with the TPM encryption key, and the encrypted user password information is stored.
In a case where the damaged TPM is replaced with the new TPM, the TPM encryption key in the new TPM chip is different from the TPM encryption key stored in the old TPM before the old TPM was damaged. Thus, the confidential data in the information processing apparatus that was encrypted with the TPM encryption key stored in the old TPM cannot be decrypted or used. In an information processing apparatus in which the user authentication function is enabled, the password encrypted with the TPM encryption key cannot be decrypted. Thus, even a user having system administrator authority cannot log in to the information processing apparatus. Accordingly, an operation to restore the TPM encryption key cannot be executed.
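The circular dependency described above can be reproduced in a short simulation. This is an added example, not code from the patent: SimulatedModule is a hypothetical stand-in for the external TPM (an HMAC-based encrypt-then-MAC toy, not a TPM API), and Apparatus, login, restore_key and the password value are constructed for illustration.

```python
import hashlib, hmac, secrets

class SimulatedModule:
    """Hypothetical stand-in for the external TPM: holds one key internally."""
    def __init__(self, key=None):
        self._key = key or secrets.token_bytes(32)  # a new chip gets a new key

    def _prf(self, label, data):
        return hmac.new(self._key, label + data, hashlib.sha256).digest()

    def _xor(self, nonce, data):
        # Toy keystream derived from the module key (illustration only).
        ks = b"".join(self._prf(b"enc", nonce + bytes([i]))
                      for i in range(len(data) // 32 + 1))
        return bytes(a ^ b for a, b in zip(data, ks))

    def seal(self, data):
        nonce = secrets.token_bytes(16)
        ct = self._xor(nonce, data)
        return nonce + ct + self._prf(b"mac", nonce + ct)

    def unseal(self, blob):
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        if not hmac.compare_digest(tag, self._prf(b"mac", nonce + ct)):
            raise ValueError("blob was sealed under a different key")
        return self._xor(nonce, ct)

class Apparatus:
    def __init__(self, module, admin_password):
        self.module = module
        # The stored password is confidential data, so it is kept sealed.
        self.sealed_password = module.seal(admin_password.encode())

    def login(self, password):
        try:
            stored = self.module.unseal(self.sealed_password)
        except ValueError:
            return False  # key mismatch looks like a failed login
        return hmac.compare_digest(stored, password.encode())

    def restore_key(self, password, backup_key):
        if not self.login(password):  # restore is an administrator-only operation
            return False
        self.module = SimulatedModule(backup_key)
        return True

def demo():
    key, pw = secrets.token_bytes(32), "constructed-admin-pw"
    dev = Apparatus(SimulatedModule(key), pw)  # key is also the USB backup
    before = dev.login(pw)
    dev.module = SimulatedModule()  # damaged chip replaced with a new one
    return before, dev.login(pw), dev.restore_key(pw, key)
```

demo() returns the login result before replacement, the login result after replacement, and the result of the restore attempt: the correct password and a valid backup are both present, yet the restore is refused because the login it depends on needs the old key.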
Japanese Patent Application Laid-Open No. 2004-240764 discusses an information processing apparatus that prompts a user to select whether to activate the information processing apparatus in a safe mode in a case where an HSM such as a TPM has been replaced. If the user selects activation in the safe mode, the information processing apparatus is reactivated in the safe mode, and if an instruction to disable the user authentication function is given in the safe mode, the user authentication function is disabled, and the information processing apparatus is reactivated.
According to the technique discussed in Japanese Patent Application Laid-Open No. 2004-240764, however, it is required to install a safe mode function in the information processing apparatus. Furthermore, since the user is required to change the mode and repeat reactivation of the information processing apparatus, it takes time to execute the restoration processing.